httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nelson, Robert D." <RDNel...@Mail.Donaldson.com>
Subject RE: [users@httpd] HTTPS(SSL) reverse proxying.
Date Mon, 31 Jan 2005 21:47:56 GMT
Tasso:

> From what I understand reverse proxying works something like this....
> 
> Client <---- HTTP Request ----> Reverse Proxy <---- HTTP 
> Request ----> Backend Server.
> 
> So https would work like...
> 
> Client <---- HTTPS Request ----> Reverse Proxy <---- HTTP 
> Request ----> Backend server.

This is exactly how we do it for a number of servers/applications.

> So it would just be the case of enabling mod_ssl on the 
> reverse proxy and not having to worry about CONNECT  and that 
> the reverse proxy would handle all HTTPS requests?

You need to have SSL set up for the external domain just as if the proxy
server were serving up the requests directly. Then, simply add your proxy
statements to the virtual host (IP-based, of course). Something like:

<IfDefine SSL>
<VirtualHost 123.456.789.012:443>
    ServerName www.proxyserver.com
    ...

    SSLEngine on
    ...

    ProxyPass / http://www.backendserver.com/
    ProxyPassReverse / http://www.backendserver.com/
</VirtualHost>
</IfDefine>

 ~ Robert


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message